Open Source 360 Survey Results
Melden
Tim MackeyFolgen
27. Jun 2017•0 gefällt mir•1,238 Aufrufe
1 gefällt mir
Sei der Erste, dem dies gefällt
Mehr anzeigen
Aufrufe
Aufrufe insgesamt
0
Auf Slideshare
0
Aus Einbettungen
0
Anzahl der Einbettungen
0
Check these out next
Open Source 360 Survey Results
27. Jun 2017•0 gefällt mir•1,238 Aufrufe
1 gefällt mir
Sei der Erste, dem dies gefällt
Mehr anzeigen
Aufrufe
Aufrufe insgesamt
0
Auf Slideshare
0
Aus Einbettungen
0
Anzahl der Einbettungen
0
Downloaden Sie, um offline zu lesen
Melden
Technologie
As presented via webinar. The Open Source 360 survey is in its 11th year and surveyed over 800 IT professionals about their use of open source components and technologies. In prior years, this survey was known as the Future Of Open Source. Key takeaways include: - Open Source usage is growing within global organizations - Organizations recognize risks of consumption exist - Tooling to keep pace with risks is limited - Contributions to project communities are key to success
Tim MackeyFolgen
Recomendados
A question of trust - understanding Open Source risksTim Mackey
PCI and Vulnerability Assessments - What’s Missing?Black Duck by Synopsys
Q1 2016 Open Source Security Report: Glibc and BeyondBlack Duck by Synopsys
Open Source Outlook: Expected Developments for 2016Black Duck by Synopsys
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl...Black Duck by Synopsys
You Can’t Live Without Open Source - Results from the Open Source 360 SurveyBlack Duck by Synopsys
Open Source 360 Survey Results
- #OSS360
- #OSS360 Collaborators Platinum CollaboratorsCollaborators
- #OSS360 Black Duck Center for Open Source Research and Innovation 2016-2017 Open Source Security and Risk Analyses Future of Open Source Reports
- #OSS360 Agenda • Demographics • Open Source Adoption • Open Source Risks • Risk Remediation • A Look to the Future
- #OSS360 DEMOGRAPHICS
- #OSS360 Global Survey Response 819 IT Professionals from 91 countries
- #OSS360 2% 2% 3% 3% 4% 4% 7% 7% 11% 12% 43% Retail Health Care Media Automotive Manufacturing Government/Military Banking and Financial Services Education Other Consulting Technology/ISV Telecommunications Industry Representation
- #OSS360 Open Source Awareness is Organization Wide Legal Professional VP/C-Level Executive Development Manager/Director Other Security Professional Systems Architect/CTO IT Operations/DevOps Professional Software Developer 65% of respondents are developers, IT operations, system architects, security professionals
- #OSS360 USAGE
- #OSS360 60% Increased Open Source Usage 26% Remained Constant Momentum for Open Source Continues to Increase 86% of organizations report Open Source use increased or remained constant
- #OSS360 Organizations Use Open Source to… 16% 28% 69% 69% 77% Embed in hardware products Develop open source software Power our infrastructure Create customer applications Build internal applications
- #OSS360 Open Source Fulfills Strategic Objectives 37% 44% 55% 55% 67% 84% Availablity of skilled developers Code quality and security Rate of innovation Functionality Freedom to customize code Low cost with no vendor lock-in
- #OSS360 Open Source is Core to IT Infrastructure 52% 53% 57% Systems Management/Operating Systems Containers/DevOps/Virtualization/Cloud Computing Development Tools/Software Development Lifecycle
- #OSS360 The Impact of Open Source is Significant 55% 61% 63% Improves interoperability of systems Improves quality of solutions we build Speeds innovation
- #OSS360 CONTRIBUTION
- #OSS360 Organizations Recognize Benefits to Participation 34% 46% 53% Deliver product as open source Encourage active engagement and contributions Fix and enhance existing projects
- #OSS360 Contributions Reduce Overall Cost of Ownership Shift From 2016 69% Fix Bugs 33% Reduce Costs 37% 38% 49% 55% Gain competitive advantage Fundamental to our product strategy Reduce development and support costs Fix bugs or add functionality
- #OSS360 Open Source Community Involvement is Healthy and Growing 48% said the number of people contributing to open source in their organization is increasing. 25% have more than 50% of their developers contributing to one or more OSS projects
- #OSS360 POLICY and GOVERNANCE
- #OSS360 Organizations Understand Open Source Risks …. 53.5% 53.7% 54.6% Comply with open source licenses Monitor project and version usage Aware of known security vulnerabilities
- #OSS360 …. But Open Source is Still Unmanaged in Most Organizations 60% don’t have a formal process for managing open source or are unaware of one in their organization OVER Other (please specify) 2% I don’t know 16% No, we do not have a formal process 45% Yes - Multiple departmental processes 10% Yes - standardized company-wide process 27% Other 37%
- #OSS360 Respondents Highlighted Successful Open Source Policies … 33% 39% 39% 42% Policy guidance in developer tools Approved open source licenses Approved open source components Structured review process for components
- #OSS360 … But Organizations Still Struggle With Enforcement 24% Policy provides recommendations but is not reviewed or enforced 14% Code is manually reviewed but policy is not consistently enforced Only 15% indicated enforcement with automated controls, while 25% review code via manual controls and enforcement
- #OSS360 RISK
- #OSS360 Organizations Highlight Ongoing Open Source Risks …. 61% 64% 66% 71% 74% Adherence to internal development policies Exposure of internal systems to exploitation Intellectual property concerns Exploitation of public facing applications Unknown quality of components
- #OSS360 50% Indicated open source reviews rely primarily on developer information 38% Don’t review code for open source …. But Open Source Reviews Aren’t Thorough 45% review for open source code usage during development
- #OSS360 Open Source Code Review Models 23% 27% 28% 38% String search and visual inspection Internally developed tools Third party tools No open source code review Over 60% had no structured open source code review process
- #OSS360 Manual Vulnerability Assessments Challenge Security Orgs 25% have no process for identifying, tracking or remediating known open source vulnerabilities OVER 50% say internal resources manually identify and track remediation of known open source vulnerabilities OVER
- #OSS360 57% Developers responsible for identifying and tracking open source vulnerabilities 40% Security Team takes ownership of tracking code usage 26% Nobody has explicit responsibility Shift From 2016 50% revealed no team took responsibility for tracking open source vulnerabilities Open Source Security Is a Shared Responsibility
- #OSS360 LOOKING FORWARD
- #OSS360 2017 Insights • The world’s appetite for open source software continues at a furious pace. • Open source solutions reduce development costs and increase time to market • Awareness of security risks in open source components is increasing • Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations
- #OSS360 Open Source is Fundamental to Modern Software Driving Us Forward • Default development model for new apps • Builds on the success of others • Shares critical expertise between orgs • Accelerates product innovation • Solves critical business problems • Improves IT processes
- #OSS360 Challenges Ahead • Effective management of open source is not keeping pace with its increased usage • High profile vulnerabilities highlight a need for greater security process • Lack of automation opens the door to increased risk
- #OSS360 Own Your Success – Participate in OSS Communities Active community engagement … • Increases project vibrancy • Ensures project longevity and innovation • Reduces security risks • Ensures bugs are fixed quickly and properly Get involved. Build something amazing. Have fun.
- #OSS360 Questions?
- #OSS360 Thank You! Platinum CollaboratorsCollaborators
Hinweis der Redaktion
- Welcome to the Open Source 360 webinar, now in its eleventh year. For those of you have seen the Future of OpenSource Survey from Black Duck and NorthBridge in past years, this is the 2017 incarnation of that work.
- We want to extend a thank you to our collaborators, a survey of this magnitude would not be possible without your involvement. Our platinum collatorators extended the reach of the survey and were instrumental in understanding the impact of our results in a global marketplace. They also provided detailed case studies which are part of the slideshare deck on the Black Duck Software slideshare page. Today’s presentation contains a subset of this information and will also be on my slideshare. Attendees will receive links to these decks following our presentation. http://slideshare.net/blackducksoftware
- To set the stage for todays webinar, we’re going to start by looking at the core demographics behind the data and from there look at how open source is used in organizations. We’ll cover open source adoption, what “Open Source Risk” risk means, and how to manage and remediate those risks.
- The Open Source 360° Survey included global participation from IT professionals in 91 countries. Major technology powerhouses such as the US, Germany, UK, Canada and India featured prominently in the results. Last year’s survey saw responses from 64 countries and the increase is partly attributable to the role open source technologies play in creating technology independence.
- Infographic
- Infographic
- Infographic
- Infographic
- Infographic
- Infographic
- Most Organizations Encourage Developers and Contribute Bug Fixes. Some Go Well Beyond That.
- Infographic
- Infographic
- Infographic
- Infographic
- Infographic
- Even if organizations aren’t aware of their open source usage, open source is present in IT workloads in 90% of organizations